DETAILED ACTION

This office action is in response to remarks filed on January 26, 2011. Claims 33-51
and 53-62 are pending.

Allowable Subject Matter 

Claims 34, 46, 50 and 55 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims and also subject to overcoming 
101 rejection as discussed below. 

Claim Rejections - 35 USC § 101 

1. Previous rejection under 35 U.S.C. 101 for claims 47 and 51 has been withdrawn
and for claims 60-62 the rejection is maintained as discussed below.

Specification 

The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction 
of the following is required: Specification does not discuss or describe the claimed 
terminology "non transitory computer readable medium". The examiner previously 
suggested that the specification should be amended to include the term "non transitory 
computer readable storage medium" to avoid this objection to the specification for a lack 
of antecedent basis of the claimed terminology. 

Response to Arguments

Applicant's arguments filed on August 13, 2010 have been fully considered but 
they are not persuasive because of the following reasons: 

Regarding Claims 33-51 and 53-62, applicants argued that in the cited prior art
(CPA) [Alie (U. S. Publication No.: 2003/0055738)] the SIM in Alie's system is only
provided in the mobile handset (see Alie, Fig. 12, reference number 1205 and 1204) and 
there is only one authentication process between the server and the mobile handset using 
the SIM. See Alie, Figs. 6, 7a, 7b, and 8. Thus, Alie does not disclose or suggest the 
claimed "a second subscriber identity module" and/or "a second authentication," as 
recited in amended claim 33 (and similarly in claims 44, 48, 53, and 60). 

This is not found persuasive. The system of the cited prior art teaches a mobile
transaction device that has a smart card with encryption keys and calculates a response using
an ID code (a first subscriber identity module), transaction value and challenge. This
personal mobile device comprises means for receiving information related to a
transaction (a first, SIM-based authentication) and sending a response, a hardware
secure module (smart card) with encryption keys for processing information and
calculating the response, an interface for displaying information and prompting the end
user for the identification code (PIN) and means for inputting the identification code
(using a second subscriber identity module) and approving the transaction (a second
authentication). The transaction information includes a challenge value, a label
containing context information and a numerical value.

Specifically, the present invention consists of a system and method for effecting
transactions with strong multi-factor end user authentication, using personal mobile 
devices. 

This system includes the authentication server side processing of the transaction 
request. The authentication server sends the request information to its own Hardware 
Security Module (HSM) to obtain a derived challenge value (a non-predictable number) 
which is attached to a label containing context information as well as a numerical value 
pertaining to the transaction (transaction value, transaction number, or other), so that the 
transaction is uniquely identified.

This system further consists of the procedure implemented by the personal mobile 
device (e.g. a personal digital assistant or a mobile handset), including its own hardware 
security module (HSM), to calculate and send back a response (signature). At the personal 
mobile device, the elements sent by the server are transferred to and processed by the 
HSM. If the personal mobile device has a direct connection, e.g. through a wireless link, 
to the server then the transfer of all elements is automatic. If it has an indirect connection, 
for example the information is shown on a personal computer display, the user must 
manually transfer two of the three elements (i.e. the challenge and the transactional 
value) using the personal mobile device input capability. The personal mobile device 
displays the information relating to the transaction, such as the value, and prompts the 
person for a PIN. The HSM uses the PIN, the transaction value, the challenge, and 
encryption keys to calculate a response. The response is sent to the server, automatically 
or manually depending on the type of the connection with the server ([Fig. 2-7, and 0010- 
0018, 0048-0041, and 0070-0096]). 
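
The exchange summarized above, sketched as an added example (not part of the office action and not Alie's implementation): the server issues a non-predictable challenge bound to a label and transaction value, and the device computes a response from the PIN, value, challenge and key. HMAC-SHA256, PBKDF2 for mixing the PIN into the key, server-side storage of the PIN-derived key, and all function and class names are assumptions; the page does not specify the algorithm.

```python
import hashlib
import hmac
import secrets


def derive_key(device_key: bytes, pin: str) -> bytes:
    # Assumption: the PIN is folded into the device key, so the response
    # depends on both the hardware secret and what the user knows.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_key, 10_000)


def sign(key: bytes, challenge: bytes, label: str, value: str) -> str:
    # Length-prefix each field so boundaries between challenge, label and
    # value cannot be shifted to forge a different transaction.
    parts = (challenge, label.encode(), value.encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self):
        self._user_keys = {}   # user -> PIN-derived key (assumed enrollment)
        self._pending = {}     # challenge -> (user, label, value)

    def enroll(self, user: str, device_key: bytes, pin: str) -> None:
        self._user_keys[user] = derive_key(device_key, pin)

    def start(self, user: str, label: str, value: str):
        challenge = secrets.token_bytes(16)  # non-predictable number
        self._pending[challenge] = (user, label, value)
        return challenge, label, value

    def verify(self, challenge: bytes, response: str) -> bool:
        # pop() makes every challenge single-use: a replayed or failed
        # attempt cannot be retried against the same challenge.
        entry = self._pending.pop(challenge, None)
        if entry is None:
            return False
        user, label, value = entry
        expected = sign(self._user_keys[user], challenge, label, value)
        return hmac.compare_digest(expected, response)


def device_respond(device_key, pin, challenge, label, value) -> str:
    # Device side: runs after the user has seen the value and entered the PIN.
    return sign(derive_key(device_key, pin), challenge, label, value)


def demo() -> dict:
    # Constructed sample data, for illustration only.
    key, pin = secrets.token_bytes(32), "4821"
    srv = AuthServer()
    srv.enroll("alice", key, pin)
    out = {}
    ch, label, value = srv.start("alice", "payment to shop-17", "25.00")
    resp = device_respond(key, pin, ch, label, value)
    out["valid"] = srv.verify(ch, resp)
    out["replay"] = srv.verify(ch, resp)            # same challenge reused
    ch, label, value = srv.start("alice", "payment to shop-17", "25.00")
    out["altered_value"] = srv.verify(
        ch, device_respond(key, pin, ch, label, "9999.00"))
    ch, label, value = srv.start("alice", "payment to shop-17", "25.00")
    out["wrong_pin"] = srv.verify(
        ch, device_respond(key, "0000", ch, label, value))
    return out


if __name__ == "__main__":
    print(demo())
```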

As a result, the cited prior art does implement and teach a system and methods that
relate to authenticating users of data processing systems using SIM based authentication
involving an exchange of identification data stored on a Subscriber Identity Module.

Therefore, the examiner asserts that cited prior art does teach or suggest the 
subject matter broadly recited in independent Claims and in subsequent dependent 
Claims. Accordingly, rejections for claims 33, 35-45, 47-49, 51, 53, 54 and 56-62 are 
respectfully maintained. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claims 60-62 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter.

4. Claims 60-62 recite, authentication kit, which is interpreted as software per se, 
however, the claims fail to assert the program recorded on an appropriate computer- 
readable medium so as to be structurally and functionally interrelated to the medium and 
permit the function of the descriptive material to be realized. Since a computer program 
is merely a set of instructions capable of being executed by a computer without a 
computer-readable medium needed to realize the computer program's functionality, it is 
regarded as nonstatutory functional descriptive material. See MPEP 2106.01 for details. 

1. Examiner notes that the use of the word kit in the preamble does not inherently mean
that the claim is directed towards a machine or hardware. At least one claim within the 
claim language needs to positively indicate that it is a physical part of the apparatus. In 
the claim language cited above elements such as "an authentication kit for authenticating 
a user's data processing terminal. . ." can be considered as software elements because 
claim language does not disclose a hardware entity upon which these elements reside 
on or they themselves being hardware elements, performing these functions. 
Therefore claims 60 and 62 are directed towards software per se and are rejected under 35
U.S.C 101. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent granted 
on an application for patent by another filed in the United States before the invention by the applicant 
for patent, except that an international application filed under the treaty defined in section 351(a) shall 
have the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such 
treaty in the English language. 

Claims 33, 35-45, 47-49, 51, 53-54 and 56-62 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Alie (U. S. Publication No.: 2003/0055738). 
1. Regarding Claim 33 Alie teaches and describes a method of authenticating a data 
processing terminal of a user for granting the data processing terminal access to selected 
services provided by a data processing system, the user being provided with an 
authenticatable mobile communication terminal adapted to be used in a mobile
communication network[0058-0061], comprising: 

performing a first, SIM-based authentication of the user's data processing terminal
in the data processing system at an authentication data processing server, said performing 
the SIM-based authentication comprising operatively associating with the user's data 
processing terminal a first subscriber identity module issued to the data processing 
terminal user [0072-0075]; 

having the user's mobile communication terminal authenticated in the mobile 
communication network [0077]; and 

conditioning the authentication of the user's data processing terminal in the data 
processing system to a second authentication, said second authentication being based on 
identification information provided to the user at the mobile communication terminal 
through the mobile communication network using a second subscriber identity module 
(secret i.e. PIN) ([0078-0081]). 

2. Regarding Claim 44 Alie teaches and describes a method by which a data 
processing terminal in a data processing system is authenticated in order to be granted 
access to selected services provided by the data processing system [0058-0061], the 
method comprising: 

interacting with a first user's subscriber identity module (SIM) operatively 
associated with the data processing terminal, and with an authentication data processing 
server in the data processing system, for performing a SIM-based authentication of the 
user's data processing terminal [0072-0075]; 

acquiring personal identification information provided to the user at a user's
mobile communication terminal for second authentication, wherein the second 
authentication is through a mobile communication network using a second subscriber 
identity module; and sending said personal identification information to the 
authentication data processing server for completing the authentication of the data 
processing terminal (secret i.e. PIN) ([0077-0081]). 

3. Regarding Claim 48 Alie teaches and describes a method by which an 
authentication data processing server authenticates a user's data processing terminal in a 
data processing system in order to grant the data processing terminal access to selected 
services provided by the data processing system [0058-0061], comprising:

receiving a request of authentication of the data processing terminal, the data 
processing terminal having operatively associated therewith a first subscriber identity 
module; performing a SIM-based authentication of the data processing terminal based on 
data associated with the first subscriber identity module [0072-0075]; 

providing the user with first personal identification information by exploiting a 
user's mobile communication terminal authenticated in a mobile communication network 
[0077]; and 

conditioning the authentication of the user's data processing terminal to a 
prescribed correspondence between the first personal identification information provided 
to the user and second personal identification information received from the user's data 
processing terminal through the mobile communication network using a second 
subscriber identity module in reply to the provision of the first personal identification 
information (secret i.e. PIN) ([0078-0081]).

4. Regarding Claim 53 Alie teaches and describes in a data processing system, a 
system for authenticating a data processing terminal of a user so as to grant the data 
processing terminal access to selected services provided by the data processing system, 
the user having an authenticatable mobile communication terminal adapted to be used in 
a mobile communication network [0058-0061], comprising: 

a first subscriber identity module operatively associatable with the data processing 
terminal; and an authentication data processing server adapted to carry out a first 
authentication step based on the first subscriber identity module [0072-0075]; 

the authentication data processing server being further adapted to carry out a 
second authentication process based on identification information provided to the user at 
the mobile communication terminal through the mobile communication network using a 
second subscriber identity module (secret i.e. PIN) ([0077-0081]). 

5. Regarding Claim 60 Alie teaches and describes an authentication kit for 
authenticating a user's data processing terminal in a data processing system in order to 
grant the data processing terminal access to selected services provided by the data 
processing system [0058-0061], comprising: 

a first subscriber identity module; a hardware computer peripheral device having 
associated therewith the first subscriber identity module and operatively associatable with 
the user's data processing terminal [0072-0075]; and 

a second subscriber identity module operatively associated with a user's mobile
communication terminal for allowing connection thereof to a mobile communication 
network (secret i.e. PIN) ([0077-0081]). 

6. Regarding Claim 62 Alie teaches and describes an authentication kit for 
authenticating a user's data processing terminal in a data processing system in order to 
grant the data processing terminal access to selected services provided by the data 
processing system [0058-0061], comprising: 

a first subscriber identity module; a hardware computer peripheral device having 
associated therewith the first subscriber identity module and operatively associatable with 
the user's data processing terminal [0072-0075]; 

a second subscriber identity module operatively associated with a user's mobile 
communication terminal for allowing connection thereof to a mobile communication 
network; and the computer program product of claim 47 or 51 (secret i.e. PIN) ([0077- 
0081]) 

4. Claims 35-43, 45, 47, 49, 51, 54, 56-59 and 61 are rejected applied as above
rejecting Claims 33, 44, 48, 53, and 60. Furthermore, Alie teaches and describes data 
dependent scrambler, wherein: 

As per Claim 35, comprising having the user entering the second password 
through the data processing terminal ([0010-0018]). 

As per Claim 36, the second password is entered automatically upon receipt of the 
first password at the user's mobile communication terminal ([0070-0076]). 

As per Claim 37, said first password is usable a limited number of times, or one
time only ([0070-0076]). 

As per Claim 38, comprising issuing to the user a second subscriber identity 
module adapted to be used in the user's mobile communication terminal for 
authentication thereof in the mobile communication network ([0010-0018]). 

As per Claim 39, the second subscriber identity module has a fixed, one-to-one 
relationship with the first subscriber identity module ([0070-0076]). 

As per Claim 40, the first subscriber identity module is associated with an 
identifier of the second subscriber identity module, or a mobile communication terminal 
number ([0070-0096]). 

As per Claim 41, said identification information is sent to the user's mobile 
communication terminal by way of a short message service message ([0070-0096]). 

As per Claim 42, said first subscriber identity module is of a type adopted in 
mobile communication networks for authenticating mobile communication terminals 
([0010-0018]). 

As per Claim 43, said performing the first, SIM-based authentication of the data
processing terminal comprises having the first subscriber identity module authenticated 
by an authentication server of the data processing system, the authentication server acting 
substantially as an authentication center of a mobile communication network operator 
([0070-0096]). 

As per Claim 45, in which the first subscriber identity module is of a type adopted 
in mobile communication networks for authenticating mobile communication terminals 
([0010-0018]). 

As per Claim 47, a non-transitory computer-readable medium encoded with a
computer program product directly loadable into a working memory of a data processing 
terminal, the computer program product comprising software code portion capable of 
performing, when executed, the method according to claim 44 ([0054-0068]). 

As per Claim 49, the first subscriber identity module is of a type adopted in 
mobile communication networks for authenticating mobile communication terminals, the 
authentication data processing server acting substantially as an authentication center of a 
mobile communication network operator ([0054-0068]). 

As per Claim 51, a non-transitory computer-readable medium encoded with a
computer program product directly loadable into a working memory of an authentication 
data processing system, the computer program product comprising software code portion 
capable of performing, when executed, the method according to claim 48 ([0054-0068]). 

As per Claim 54, the first subscriber identity module is of a type adopted in 
mobile communication networks for authenticating mobile communication terminals 
([0010-0018]). 

As per Claim 56, the second subscriber identity module is in a fixed, one-to-one 
relationship with the first subscriber identity module ([0070-0076]). 

As per Claim 57, the second subscriber identity module is associated with an 
identifier of the second subscriber identity module, particularly a mobile communication 
terminal number ([0070-0076]). 

As per Claim 58, said first subscriber identity module is associated with a device 
connectable to the computer through a computer peripheral connection port ([0010- 
0018]). 

As per Claim 59, said mobile communication network is one among a GSM, a
GPRS, and a UMTS network ([0070-0096]). 

As per Claim 61, the first subscriber identity module is of a type adopted in 
mobile communication networks for authenticating mobile communication terminals 
([0010-0018]). 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. 
The examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William R. Korzuch can be reached on 571-272-7589. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

April 5, 2011
/Syed Zia/ 

Primary Examiner, Art Unit 2431



